Honeypots (4).ppt

VIDYABHARTI TRUST COLLEGE OF BCA, UMRAKH

SEMINAR

ON

: HONEYPOTS

GUIDED BY : CHIRAG D. MEHTA 1

Presented By : Patel Hari B. Exam Seat No: 000032

AGENDA 1. 2. 3. 4.

5. 6. 7. 8. 9. 10.

Introduction History What is Honeypots ? Why Honeypots ? How it Works ? Advantages Disadvantages Comparison with other technology Conclusion References

2

INTRODUCTION 

A Honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.



They are the highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering.



A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. 3

HISTRORY OF HONEYPOTS… 





The history of Honeypots so far according to Lance Spitzner (2002): 1990-1991: It is the first time that honeypot studies released by Clifford Stoll and Bill Cheswick . 1998: First commercial honeypot was released which is known as CyberCop Sting. 4







1998: BackOfficer Friendly honeypot was introduced. It was free and easy to configure. It is working under Windows operating system. Most of the people tried this software and the concept of honeypot became more and more known among people. 2000-2001: Honeypots started to be used for capturing malicious software from internet and being aware of new threats. 2002: Honeypot concept became popular and honeypots improved their functionalities, so they became more useful and interesting for both researchers and companies.

5

WHAT IS HONETPOTS ? 

A Honey Pot is an intrusion detection technique used to study hackers movements.

6

WHY HONEYPOTS ? 

An additional layer of security.

Firewall

IDS HoneyPots

7

HOW IT WORKS…

8

TYPES OF HONEYPOTS … 

Research Honeypots: Research honeypots are mostly used by military, research and government organizations. They are capturing a huge amount of information. Their aim is to discover new threats and learn more about the Blackhat motives and techniques. The objective is to learn how to protect a system better, they do not bring any direct value to the security of an organization.

9



Production Honeypots : Production honeypots are used to protect the company from attacks, they are implemented inside the production network to improve the overall security. They are capturing a limited amount of information, mostly low interaction honeypots are used. Thus, security administrator watches the hacker’s movements carefully and tries to lower the risks that may come from it towards the company.

10

HONEYPOTS IN CYBER SECURITY 

A honeypot is a decoy computer system for trapping hackers or tracking unconventional or new hacking methods. Honeypots are designed to purposely engage and deceive hackers and identify malicious activities performed over the Internet. Multiple honeypots can be set on a network to form a honeynet.

11

ADVANTAGES 

Small data sets of high value.



Easier and cheaper to analyze the data.



Designed to capture anything thrown at them, including tools or tactics never used before.



Require minimal resources.

12



Work fine in encrypted or IPv6 environments. (The most obvious improvement in IPv6 is that IP addresses are lengthened from 32 bits to 128 bits. This extension anticipates considerable future growth of the Internet and provides relief.)



Can collect in-depth information.



Conceptually very simple..

13

DISADVANTAGES 

Can only track and capture activity that directly interacts with them.



All security technologies have risk.



Building, configuring, deploying and maintaining a highinteraction honeypot is time consuming



Difficult to analyze a compromised honeypot. 14



High interaction honeypot introduces a high level of risk.



Low interaction honeypots are easily detectable by skilled attackers.

15

COMPARISION : HONEYPOTS VS IDS 



To detect malicious behavior, Intrusion Detection System (IDS require signatures of known attacks and often fail to detect compromises that were unknown at the time it was deployed. On the other hand, honeypots can detect vulnerabilities that are not yet understood. IDS also suffer from high false positive rates. forensic analysis of data collected from honeypots is less likely to lead to false positives than data collected by IDS. 16



IDS often depend upon signature matching or statistical models to identify attacks. In contrast, honeypots are designed to capture all known and unknown attacks directed against them.

17

COMPARISION : HONEYPOTS VS FIREWALL 



A firewall is designed to keep the attackers out of the network whereas honeypots are designed to entice the hackers to attack the system.

Firewalls log activities and logs also contains events related to production systems. However in case of honeypot, the logs are only due to nonproductive systems, these are the systems that no one should be interacting with. 18



A Firewall log contains 1000 entries of all the systems of the network whereas the Honeypots log only contain 5-10 entries.

19

CONCLUSION • •

•

Can collect in depth data which no other technology can. Different from others – its value lies in being attacked, probed or compromised. Extremely useful in observing hacker movements and preparing the systems for future attacks.

20

11. REFERENCES 

Webography 

https://www.google.com/search?ei=Lq0tXKKuM4 z7vgTa9LewBQ&q=webography&oq=webogra&gs_l =psyab.3.0.0i67j0l9.92369.93609..94747...0.0..1.213.9 98.0j6j1......0....1..gwswiz.......0i71j0i10i67j0i10.ZSIbgeq2I70

21

22